package core.filter;

import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class URLfilter implements Filter{

	public boolean UrlFile(HttpServletRequest request){
		String s = request.getQueryString(); 
		if (s != null) { 
			Pattern pattern = Pattern 
						.compile("(?i)[|;$@'\"<>()+,\\\\#]|%7C|%3B|%24|%40|%27|%22|%3C|%3E|%28|%29|%2B|%2C|%5C|%23"); 
			Matcher matcher = pattern.matcher(s); 
			if (matcher.find()) { 
				System.out.println(s);				
				return true;
			}
		}		
		return false;
	}	

	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		
		if(UrlFile((HttpServletRequest)request)){
		    HttpServletResponse response1 = (HttpServletResponse) response;  
		    HttpServletRequest request1 = (HttpServletRequest) request; 
		    //request1.setAttribute("BsException", "非法操作");//存储业务异常信息类   
		    request1.getRequestDispatcher("/WEB-INF/errorPages/filterError.jsp").forward(request1, response1);//跳转到信息提示页面！！  
			return;
		}else{
			chain.doFilter(request, response);
		}
		
	}

	public void init(FilterConfig filterConfig) throws ServletException {}
	
	public void destroy() {}
//	public static boolean sql_inj(String str) 
//	 {
//	    String inj_str = "'|and|exec|execute|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+|,|like";
//	    String inj_stra[] = inj_str.split("|");
//	    for (int i=0 ; i < inj_stra.length ; i++ )
//	    {
//	        if (str.indexOf(inj_stra[i])>=0)
//	        {
//	            return true;
//	        }
//	    }
//	    return false;
//	 }


}
